2. Disclaimer
This presentation contains graphics, text and trademarks
that are the property of their respective owners. No rights
in this presentation are transferred.
Some of us are married to lawyers.
Get the PDF at techtriad.com/convergesouth/
www.TechTriad.com
10/18/2013
6. BE VERY SCARED!
Guess where most malware sites originate!
7. LET’S GET TO IT
Items marked with a red star mean that if you are not an uber-geek, server geek, WordPress developer, or Unix-smart, hire someone who is.
Or lean on a friend.
Not all site owners can perform all the tips, tricks, and tools shown today.
8. 1 - INSTALL WORDPRESS SECURELY
DO NOT…
• use one-click WordPress installs
• use the cheapest web host you can find
• update from public wifi (if you do, change your pass)
DO…
• use the 5-minute WP install
• update plugins & themes
• update WordPress core
• ask a geek if you’re not sure
• BACKUP first
• BACKUP routinely
9. 2 - USE CUSTOM LOGIN LINKS
Custom login link
Using http://yoursite.com/wp-login.php?
So are the hackers.
Ask a geek to program a more secure URL for your login.
Also consider Better WP Security plugin (with several security options).
10. 2 – USE STRONG PASSWORDS
Use a strong password.
Mix letters, characters, and numbers.
BAD: “suerocks”
BETTER: “$u3-r0ck$!”
(see how that looks like “suerocks”?)
Get three strong passwords and rotate them through all your logins!
11. 3 – KILL “admin”
Demoting the admin user is good.
Deleting the admin user is much better.
How to delete admin
1. Create a new account with a unique name.
2. Set it to administrator.
3. Log out, log in with the new account.
4. Go to All Users and delete the admin account.
12. 3 - TWO-FACTOR AUTHENTICATION
When logging in from an unfamiliar device, force a txt verification to your phone to authenticate your login.
Consider this security for Google & FB logins.
Plugin: Consider Google Authenticator
13. 3 - USE A GOOD GREAT WEB HOST
You get what you pay for. Do you know?
1. How much you pay for hosting versus how much angst you’d be in if the site were lost or your server blacklisted?
2. How many of the host’s sites are blacklisted for malware?
3. What version of server software they use or how often they update it?
4. Who has access to account credentials?
14. 4 – BEWARE FREE WORDPRESS THEMES
You get what you pay for.
The Internet used to be free & we trusted downloads
For-pay themes are called “Premium”
If you have a business or important personal site:
BUY A THEME from a trusted source & update it
DESIGN YOUR THEME in Photoshop and…
HIRE A GOOD FRONT-END DEVELOPER to build it
Make sure it’s RESPONSIVE (phones, tablets)
15. 4 - FREE THEMES CAN BE EVIL
Use trusted theme developers
Of the 10 sites reviewed:
1. Safe = 1
2. Iffy = 1
3. Avoid = 8
http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/
16. 4 – TRUSTED THEME DEVELOPERS
New WP themes have more features than most people can/will use.
New themes have complex features and example data
Buy a theme, install properly, and update.
Be wary of custom frameworks
ThemeForest.net
17. 5 - USE A CHILD THEME
1. Buy a theme. Install it. Customize it.
2. Update the theme and lose all your customization.
THE SOLUTION IS A CHILD THEME
Buy themes that work with child themes.
Install the theme as a child theme.
Update the parent when the theme is updated
(OBTW, are you checking for updates?)
Customizing happens in the child theme.
Better premium themes support child themes.
18. 6 – USE REMOTE SECURITY
There are services that monitor your WordPress
site and check for link injections & other bad
things.
Consider Sucuri.net
Free or Pro Version of SUCURI.net
Be alerted to malware/hacks
Pro version = $90/year (1 site)
Free version = checks WP core install, find out where the last login came from, if site is hacked can change passes, keys.
19. 6 – SECURITY AND FILE PERMISSIONS
*Set the file and folder permissions (or at least know what it means)
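What checking file and folder permissions looks like in practice, as an added example that is not part of the original presentation: a shell function that lists anything writable by group or world and a world-readable wp-config.php. The 755/644 baseline, the function names and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag WordPress files looser than a common baseline
# (directories 755, files 644, wp-config.php not world-readable).
# The baseline and all names here are assumptions, not from the slides.

# Print one "ISSUE<TAB>path" line per finding; return 1 if any were found.
wp_perm_audit() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Anything writable by the group or by every user on the server.
        find "$root" \( -type f -o -type d \) \
            \( -perm -020 -o -perm -002 \) \
            -exec printf 'WRITABLE\t%s\n' {} \;
        # wp-config.php holds the database password and secret keys.
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" -perm -004 \
                -exec printf 'WORLD_READABLE_CONFIG\t%s\n' {} \;
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Build a small constructed tree (not a real site) with two loose modes.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    : > "$d/index.php"
    : > "$d/wp-config.php"
    chmod 755 "$d" "$d/wp-content"
    chmod 644 "$d/index.php"
    chmod 777 "$d/wp-content/uploads"   # too loose: anyone can write here
    chmod 644 "$d/wp-config.php"        # too loose: anyone can read secrets
    printf '%s\n' "$d"
}

# Demo: audit the sample tree, then tighten it and audit again.
sample=$(make_sample_tree)
wp_perm_audit "$sample" || true
chmod 755 "$sample/wp-content/uploads"
chmod 600 "$sample/wp-config.php"
wp_perm_audit "$sample" && echo "clean after tightening"
rm -rf "$sample"
```

On a real site, point `wp_perm_audit` at the WordPress root and review each finding with your host before changing modes, since some hosts need group write access for updates.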
20. 7 – FRAMEWORKS & FEATURES
New themes contain new standard features.
Menu styles and shapes
Fancy sliders (Revolution, Viewport)
Shortcodes (learn or die!)
Page snippets
Custom post types
New page templates
Integration with online services
Woocommerce or other ecommerce integration
Frameworks manage these features.
21. 7 – CUSTOM FRAMEWORKS
Frameworks are core systems that make it easy to do fancy things.
Most custom frameworks are, well, custom.
Major WP updates mean you need to update your theme first (use a child theme!).
Some framework updates break older features.
Frameworks prevent you from switching to other themes easily.
23. 7 – BOOTSTRAP CSS FRAMEWORK
Bootstrap is a free collection of tools for creating websites and web applications. A goal is to standardize some popular online tools.
Bootstrap is a popular mobile front-end framework
Used by NASA and MSNBC sites
Bootstrap is Open Source (@GitHub.com)
Encourages consistency across Internet tools
You can buy Bootstrap-built premium themes but the purpose is to build on its core framework
Bootstrap also had a major upgrade recently that cannot be applied to older Bootstrap sites
24. 7 – FRAMEWORK FEATURES: SHORTCODES
Shortcodes are buttons you click to format on-screen cool tools.
The most common example is buttons.
WordPress has built-in shortcodes
codex.wordpress.org/Shortcode
Built-in WordPress shortcodes
[audio]
[caption]
[embed]
[gallery]
[video]
26. 7 – COMMON SHORTCODES
27. 8 – PLUGINS ROCK WHEN THEY WORK
1. When was the plugin written?
2. When was the plugin last updated?
3. Does it work with the latest version of WP?
29. 9 – PLUGIN “HEAVEN” RULES
Use Trusted Plugins
Use Few Plugins
Update Plugins
Delete Plugins
Buy Plugins
30. 10 – PLUGIN HELL
Free plugins eventually break your site.
Sally builds a plugin that you like and install. Sally goes on to other things. You update WordPress and can’t log into your site.
Welcome to Plugin Hell!
Trusted
• How long have they been around?
Updates
• Last time plugin was updated?
Examples
• iThemes
• Woo
• Others
31. 11 – SELL MORE SAFELY ONLINE
WooCommerce is becoming a popular WP ecommerce plugin and is integrated with many premium themes.
WooCommerce is audited by Sucuri. It’s free.
Pretty full ecommerce features & dozens of extras.
32. 11 – ECOMMERCE OPTIONS
For a few items, consider Jotform + PayPal
jotform.com (lots of new integrations)
iThemes - big splash with “Exchange” Simple Ecommerce using PayPal or Stripe (free or pro)
ithemes.com/exchange/
Do you want to host ecommerce ON your site?
A full-service WP store? Try Shopify.
There are lots of ecommerce plugins. Choose wisely.
33. 12 - BACKUP. PERIOD.
Backup on a schedule.
Backup before making changes.
Know what your hosting company backs up.
Send a copy of your backup to your cloud server.
WordPress has parts & pieces.
Know if they guarantee their backups.
If the server melts down, can they reinstall your site?
Cloud backup works with Dropbox, iCloud, Skydrive, Box.net and others.
34. 12 – BACKUP PREMIUM TOOLS
Backup Buddy is a plugin for scheduled backups including backup to cloud. Not cheap, but what’s your site worth?
VaultPress: High quality, trusted backup solution.
35. Find Me Online
Dr. Sue Polinsky
President, TechTriad, Inc.
Phone: 336-852-4321
Email: sue@techtriad.com
Twitter: @suepolinsky, techtriad
Facebook: facebook.com/suepolinsky
Facebook: facebook.com/techtriad
Google+: spolinsky@gmail.com
LinkedIn: suepolinsky